Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package paraview for openSUSE:Factory checked in at 2024-12-22 18:03:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/paraview (Old) and /work/SRC/openSUSE:Factory/.paraview.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "paraview" Sun Dec 22 18:03:36 2024 rev:55 rq:1232907 version:5.12.1 Changes: -------- --- /work/SRC/openSUSE:Factory/paraview/paraview.changes 2024-05-31 22:16:06.438470030 +0200 +++ /work/SRC/openSUSE:Factory/.paraview.new.1881/paraview.changes 2024-12-22 18:03:52.922973607 +0100 @@ -1,0 +2,5 @@ +Fri Dec 20 00:00:00 UTC 2024 - Vicente Adolfo Bolea Sanchez <[email protected]> + +- Added patch fix-CVE-2024-50602.patch which fixes CVE-2024-50602. + +------------------------------------------------------------------- New: ---- fix-CVE-2024-50602.patch BETA DEBUG BEGIN: New: - Added patch fix-CVE-2024-50602.patch which fixes CVE-2024-50602. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ paraview.spec ++++++ --- /var/tmp/diff_new_pack.rAp219/_old 2024-12-22 18:03:53.907014022 +0100 +++ /var/tmp/diff_new_pack.rAp219/_new 2024-12-22 18:03:53.911014186 +0100 @@ -56,6 +56,8 @@ Source2: https://www.paraview.org/files/v%{short_ver}/ParaViewGettingStarted-%{major_ver}.%{minor_ver}.0.pdf # PATCH-FIX-UPSTREAM paraview-desktop-entry-fix.patch [email protected] -- Fix desktop menu entry by inserting proper required categories Patch0: paraview-desktop-entry-fix.patch +# PATCH-FIX-UPSTREAM https://gitlab.kitware.com/vtk/vtk/-/merge_requests/11609 --- Fixes CVE-2024-50602 +Patch1: fix-CVE-2024-50602.patch # PATCH-FIX-OPENSUSE fix-libharu-missing-m.patch -- missing libraries for linking (gh#libharu/libharu#213) Patch2: fix-libharu-missing-m.patch # We need to change the default soname for vtk modules. ++++++ fix-CVE-2024-50602.patch ++++++ diff --git a/VTK/ThirdParty/expat/CMakeLists.txt b/VTK/ThirdParty/expat/CMakeLists.txt index eac9269138..7cb69efe25 100644 --- a/VTK/ThirdParty/expat/CMakeLists.txt +++ b/VTK/ThirdParty/expat/CMakeLists.txt @@ -8,9 +8,9 @@ vtk_module_third_party( "Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper" "Copyright (c) 2001-2019 Expat maintainers" SPDX_DOWNLOAD_LOCATION - "git+https://gitlab.kitware.com/third-party/expat.git@for/vtk-20220921-2.4.8"; + "git+https://gitlab.kitware.com/third-party/expat.git@for/vtk-20241030-2.4.8"; VERSION - "2.4.1" + "2.4.8" # CVE-2024-50602 fix manually added. STANDARD_INCLUDE_DIRS EXTERNAL PACKAGE EXPAT diff --git a/VTK/ThirdParty/expat/Testing/CMakeLists.txt b/VTK/ThirdParty/expat/Testing/CMakeLists.txt new file mode 100644 index 0000000000..35f9732a93 --- /dev/null +++ b/VTK/ThirdParty/expat/Testing/CMakeLists.txt @@ -0,0 +1 @@ +add_subdirectory(Cxx) diff --git a/VTK/ThirdParty/expat/Testing/Cxx/CMakeLists.txt b/VTK/ThirdParty/expat/Testing/Cxx/CMakeLists.txt new file mode 100644 index 0000000000..7f0b6aba12 --- /dev/null +++ b/VTK/ThirdParty/expat/Testing/Cxx/CMakeLists.txt @@ -0,0 +1,4 @@ +vtk_add_test_cxx(vtkexpatCxxTests tests + NO_DATA NO_VALID NO_OUTPUT + TestIncludeExpat.cxx) +vtk_test_cxx_executable(vtkexpatCxxTests tests) diff --git a/VTK/ThirdParty/expat/Testing/Cxx/TestIncludeExpat.cxx b/VTK/ThirdParty/expat/Testing/Cxx/TestIncludeExpat.cxx new file mode 100644 index 0000000000..33ac2b65d2 --- /dev/null +++ b/VTK/ThirdParty/expat/Testing/Cxx/TestIncludeExpat.cxx @@ -0,0 +1,8 @@ +#include "vtk_expat.h" + +#include <cstdlib> + +int TestIncludeExpat(int /*argc*/, char* /*argv*/[]) +{ + return EXIT_SUCCESS; +} diff --git a/VTK/ThirdParty/expat/update.sh b/VTK/ThirdParty/expat/update.sh index 1b4740f2cc..3781700497 100755 --- a/VTK/ThirdParty/expat/update.sh +++ b/VTK/ThirdParty/expat/update.sh @@ -8,7 +8,7 @@ readonly name="expat" readonly ownership="Expat Upstream <[email protected]>" readonly subtree="ThirdParty/$name/vtk$name" readonly repo="https://gitlab.kitware.com/third-party/expat.git"; -readonly tag="for/vtk-20231023-2.4.8" +readonly tag="for/vtk-20241030-2.4.8" readonly paths=" expat/.gitattributes expat/CMakeLists.txt diff --git a/VTK/ThirdParty/expat/vtk.module b/VTK/ThirdParty/expat/vtk.module index bbc9a339b8..95ec414d25 100644 --- a/VTK/ThirdParty/expat/vtk.module +++ b/VTK/ThirdParty/expat/vtk.module @@ -2,4 +2,6 @@ NAME VTK::expat LIBRARY_NAME vtkexpat +TEST_DEPENDS + VTK::TestingCore THIRD_PARTY diff --git a/VTK/ThirdParty/expat/vtkexpat/CMakeLists.txt b/VTK/ThirdParty/expat/vtkexpat/CMakeLists.txt index 1910141339..a213b32ec7 100644 --- a/VTK/ThirdParty/expat/vtkexpat/CMakeLists.txt +++ b/VTK/ThirdParty/expat/vtkexpat/CMakeLists.txt @@ -459,9 +459,10 @@ set(expat_headers lib/vtk_expat_mangle.h) vtk_module_add_module(VTK::expat + HEADER_DIRECTORIES SOURCES ${_EXPAT_C_SOURCES} HEADERS ${expat_headers} - HEADERS_SUBDIR "vtkexpat/lib") + HEADERS_SUBDIR "vtkexpat") endif () if (FALSE) # XXX(kitware): VTK handles installation diff --git a/VTK/ThirdParty/expat/vtkexpat/lib/expat.h b/VTK/ThirdParty/expat/vtkexpat/lib/expat.h index c076f3d535..1475d1e783 100644 --- a/VTK/ThirdParty/expat/vtkexpat/lib/expat.h +++ b/VTK/ThirdParty/expat/vtkexpat/lib/expat.h @@ -129,7 +129,9 @@ enum XML_Error { /* Added in 2.3.0. */ XML_ERROR_NO_BUFFER, /* Added in 2.4.0. */ - XML_ERROR_AMPLIFICATION_LIMIT_BREACH + XML_ERROR_AMPLIFICATION_LIMIT_BREACH, + /* Added in 2.6.4. */ + XML_ERROR_NOT_STARTED, }; enum XML_Content_Type { diff --git a/VTK/ThirdParty/expat/vtkexpat/lib/xmlparse.c b/VTK/ThirdParty/expat/vtkexpat/lib/xmlparse.c index e986156ecb..a770978e13 100644 --- a/VTK/ThirdParty/expat/vtkexpat/lib/xmlparse.c +++ b/VTK/ThirdParty/expat/vtkexpat/lib/xmlparse.c @@ -2162,6 +2162,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { if (parser == NULL) return XML_STATUS_ERROR; switch (parser->m_parsingStatus.parsing) { + case XML_INITIALIZED: + parser->m_errorCode = XML_ERROR_NOT_STARTED; + return XML_STATUS_ERROR; case XML_SUSPENDED: if (resumable) { parser->m_errorCode = XML_ERROR_SUSPENDED; @@ -2172,7 +2175,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { case XML_FINISHED: parser->m_errorCode = XML_ERROR_FINISHED; return XML_STATUS_ERROR; - default: + case XML_PARSING: if (resumable) { #ifdef XML_DTD if (parser->m_isParamEntity) { @@ -2183,6 +2186,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { parser->m_parsingStatus.parsing = XML_SUSPENDED; } else parser->m_parsingStatus.parsing = XML_FINISHED; + break; + default: + assert(0); } return XML_STATUS_OK; } @@ -2447,6 +2453,9 @@ XML_ErrorString(enum XML_Error code) { case XML_ERROR_AMPLIFICATION_LIMIT_BREACH: return XML_L( "limit on input amplification factor (from DTD and entities) breached"); + /* Added in 2.6.4. */ + case XML_ERROR_NOT_STARTED: + return XML_L("parser not started"); } return NULL; }
